Thursday, 12 March 2015

n00bs CTF Labs Level 8

Y3sh, I have skipped level 7 since I got stuck at the page itself, so here is my solution to level 8. You can find the challenge from this link and explore from the drop-down menu, or go directly to this level.

This is fairly simple and kinda straightforward. The page itself was presented similarly to level 6, where we have to download a file to get going.

Similar to level 6 as well, we have to analyze the downloaded file. However, this time it's an executable .exe file instead of a .pcap. With some experience dealing with .exe and other executable files from my studies, I recommend viewing its static contents with a hex editor before anything else. If you are using a Linux machine or OS, you could also get similar results by running the 'strings' command against this file.

In my solution, I have downloaded, installed and used a hex editor since I am lazy enough to not launch my Linux VM =P. What you can see below is the screen capture of Hex Edit reading the static ASCII contents from the file downloaded (app.exe).

After some scrolling downwards, we will find the ASCII string of the flag itself. For the curious ones, just hit 'CTRL+F' then search for the keyword 'flag'.
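
The same static look at the file can be scripted. The Python below is an added example, not part of the original post: it pulls printable runs out of a binary the way 'strings' does, reports the offset you would jump to in the hex editor, and filters on the keyword 'flag'. It goes a step beyond the ASCII view described above by also catching UTF-16LE text, which Windows executables often use. The function names and the sample bytes are constructed for this illustration; pass the path to app.exe as the first argument to scan the real file.

```python
import re

MIN_LEN = 4  # same default minimum run length as the `strings` tool

def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Yield (offset, encoding, text) for each printable run in data."""
    # Single-byte printable ASCII runs: what a hex editor's ASCII pane shows.
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE runs: printable byte followed by NUL, common in Windows binaries.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_re.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def find_keyword(data: bytes, keyword: str = "flag"):
    """Return hits containing keyword (case-insensitive), sorted by offset."""
    kw = keyword.lower()
    return sorted(h for h in extract_strings(data) if kw in h[2].lower())

def build_sample() -> bytes:
    """Constructed stand-in for app.exe: not a real PE, just mixed bytes."""
    return (
        b"MZ\x90\x00\x03\x00\x00\x00"
        + b"!This program cannot be run in DOS mode.\r\n$"
        + bytes(range(0x80, 0xA0))                 # non-printable filler
        + b"flag{constructed_example}\x00"         # constructed ASCII hit
        + b"\x01\x02\x03"
        + "wide flag: demo".encode("utf-16le")     # constructed wide-string hit
        + b"\x00\x00\xff\xfe"
    )

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample()
    for offset, enc, text in find_keyword(data):
        print(f"0x{offset:08x}  {enc:8}  {text}")
```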